CVE-2024-23350: Reachable Assertion in Multi Mode Call Processor
First published: Mon Aug 05 2024(Updated: )
Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| All of | ||
| Qualcomm WSA8845H | ||
| Qualcomm WSA8845H Firmware | ||
| All of | ||
| Qualcomm WSA8845H | ||
| Qualcomm WSA8845 Firmware | ||
| All of | ||
| Qualcomm WSA8840 Firmware | ||
| Qualcomm WSA8840 Firmware | ||
| All of | ||
| Qualcomm WCD9395 | ||
| qualcomm wcd9395 firmware | ||
| All of | ||
| Qualcomm WCD9390 Firmware | ||
| Qualcomm WCD9390 Firmware | ||
| All of | ||
| Qualcomm WCD9340 Firmware | ||
| Qualcomm WCD9340 Firmware | ||
| All of | ||
| Qualcomm Snapdragon X75 5G Modem-RF System Firmware | ||
| Qualcomm Snapdragon X75 5G Modem-RF | ||
| All of | ||
| Qualcomm Snapdragon X72 5G-RF System Firmware | ||
| Qualcomm Snapdragon X72 5G Modem-RF | ||
| All of | ||
| Qualcomm Snapdragon X35 5G-RF System Firmware | ||
| Qualcomm Snapdragon X35 5G-RF System | ||
| All of | ||
| Qualcomm Snapdragon Auto 5G-RF Gen 2 Firmware | ||
| Qualcomm Snapdragon Auto 5G Modem-RF | ||
| All of | ||
| Qualcomm Snapdragon 8 Gen 3 Mobile Firmware | ||
| Qualcomm Snapdragon 8 Gen 3 Mobile Platform | ||
| All of | ||
| Qualcomm QFW7124 | ||
| Qualcomm QFW7124 | ||
| All of | ||
| Qualcomm QFW7114 Firmware | ||
| Qualcomm QFW7114 Firmware | ||
| All of | ||
| Qualcomm QEP8111 Firmware | ||
| Qualcomm QEP8111 Firmware | ||
| All of | ||
| Qualcomm QCN6274 Firmware | ||
| Qualcomm QCN6274 Firmware | ||
| All of | ||
| Qualcomm QCN6224 Firmware | ||
| Qualcomm QCN6224 Firmware | ||
| All of | ||
| Qualcomm QCC710 | ||
| Qualcomm QCC710 | ||
| All of | ||
| Qualcomm QCA8337 Firmware | ||
| Qualcomm QCA8337 Firmware | ||
| All of | ||
| Qualcomm QCA8081 firmware | ||
| Qualcomm QCA8081 firmware | ||
| All of | ||
| Qualcomm QCA6698AQ | ||
| Qualcomm QCA6698AQ Firmware | ||
| All of | ||
| qualcomm QCA6584AU firmware | ||
| Qualcomm QCA6584 | ||
| All of | ||
| Qualcomm QCA6174A Firmware | ||
| Qualcomm QCA6174A Firmware | ||
| All of | ||
| Qualcomm Fastconnect 7800 Firmware | ||
| Qualcomm Fastconnect 7800 Firmware | ||
| All of | ||
| Qualcomm FastConnect 6900 Firmware | ||
| Qualcomm Fastconnect 6900 Firmware | ||
| All of | ||
| Qualcomm AR8035 Firmware | ||
| Qualcomm AR8035 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.bleepingcomputer.com/news/security/google-fixes-android-kernel-zero-day-exploited-in-targeted-attacks/
- https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html
- https://www.theregister.com/2024/08/06/google_fixes_linux_kernal_rce/
- https://source.android.com/docs/security/bulletin/2024-08-01/#asterisk
- https://source.android.com/docs/security/bulletin/2024-08-01 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-23350?
CVE-2024-23350 is classified as a Permanent Denial of Service (DOS) vulnerability.
How do I fix CVE-2024-23350?
To address CVE-2024-23350, ensure updating to the latest firmware versions provided by Qualcomm or Google that include patches for this vulnerability.
Which products are affected by CVE-2024-23350?
CVE-2024-23350 affects various Qualcomm firmware products including WSA8845, WSA8840, WCD9395, and Android systems.
What type of attack can exploit CVE-2024-23350?
CVE-2024-23350 can be exploited through malicious payloads sent via DL NAS transport.
Is there any known exploit for CVE-2024-23350?
As of now, there have been reports of exploitation of CVE-2024-23350, resulting in active attacks leveraging this vulnerability.
- agent/weakness
- agent/title
- agent/type
- agent/description
- agent/author
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-36971
- alias/CVE-2024-32896
- alias/CVE-2024-29748
- alias/CVE-2024-23350
- collector/the-register
- source/The Register
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- vendor/google
- canonical/android
- vendor/qualcomm
- canonical/qualcomm wsa8845h
- canonical/qualcomm wsa8845h firmware
- canonical/qualcomm wsa8845 firmware
- canonical/qualcomm wsa8840 firmware
- canonical/qualcomm wcd9395
- canonical/qualcomm wcd9395 firmware
- canonical/qualcomm wcd9390 firmware
- canonical/qualcomm wcd9340 firmware
- canonical/qualcomm snapdragon x75 5g modem-rf system firmware
- canonical/qualcomm snapdragon x75 5g modem-rf
- canonical/qualcomm snapdragon x72 5g-rf system firmware
- canonical/qualcomm snapdragon x72 5g modem-rf
- canonical/qualcomm snapdragon x35 5g-rf system firmware
- canonical/qualcomm snapdragon x35 5g-rf system
- canonical/qualcomm snapdragon auto 5g-rf gen 2 firmware
- canonical/qualcomm snapdragon auto 5g modem-rf
- canonical/qualcomm snapdragon 8 gen 3 mobile firmware
- canonical/qualcomm snapdragon 8 gen 3 mobile platform
- canonical/qualcomm qfw7124
- canonical/qualcomm qfw7114 firmware
- canonical/qualcomm qep8111 firmware
- canonical/qualcomm qcn6274 firmware
- canonical/qualcomm qcn6224 firmware
- canonical/qualcomm qcc710
- canonical/qualcomm qca8337 firmware
- canonical/qualcomm qca8081 firmware
- canonical/qualcomm qca6698aq
- canonical/qualcomm qca6698aq firmware
- canonical/qualcomm qca6584au firmware
- canonical/qualcomm qca6584
- canonical/qualcomm qca6174a firmware
- canonical/qualcomm fastconnect 7800 firmware
- canonical/qualcomm fastconnect 6900 firmware
- canonical/qualcomm ar8035 firmware